Recently, I was put to the task of running some audits on a raft of Oracle databases. Now, I’ll be the first to admit that I’m rusty in the database space. So, I looked high and low for some Oracle password crackers. The best one that I found was the commercial offering AppDetective. Mind you, this is very expensive, so it’s a bit of a luxury item for a lot of infosec types. But it can do Oracle and SQL. Next, I started poking about looking for some other tools to audit SQL passwords, and I came across this article by Kevin Beaver.

To get things rolling, you need to determine which systems are available to test. You may know your environment like the back of your hand, but it doesn’t hurt to ferret out servers you may have forgotten or those someone else connected to the network. You should at least run SQLPing2, but I highly recommend SQLRecon to find SQL instances you might not otherwise be able to discover.

He has screenshots and links to several good tools.

Article Link


Comments

  1. Hi,

    There are quite a few Oracle password crackers available, some commercial and some free. There is no need to buy a commercial password cracker for Oracle. The orabf tool from 0rm is the fastest there is. Also, there is checkpwd from red database security.

    Patrik Karlsson has a free SQL Server password cracker, and sqlsecurity.com, Chip Andrews’ site, has a good list of SQL tools. I maintain a list of all the free and commercial Oracle security tools, including password crackers and default password checking tools, at http://www.petefinnigan.com – have a look at the tools page and the default password page.

    Hope this helps you.

    cheers

    Pete

  2. Did you hear that? That, that was the sound of my head hitting the desktop. Sorry Pete. I wasn’t kidding when I said I was rusty with the database aspect. I even have you in my links. Sigh. Sorry for the omission. Your site is an excellent resource. I have been there many times. I’ll check my notes next time before I write without a coffee in me.

    cheers
